Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)

Latrodectus is a Windows malware downloader that has been used since at least 2023 to download and execute additional payloads and modules. Latrodectus has most often been distributed through email campaigns, primarily by TA577 and TA578, and has infrastructure overlaps with historic IcedID operations.(Citation: Latrodectus APR 2024)(Citation: Bleeping Computer Latrodectus April 2024)(Citation: Bitsight Latrodectus June 2024)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f)	Attack Pattern	1
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c)	Attack Pattern	1
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	1
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0)	Attack Pattern	1
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Latrodectus - S1160 (76fde8df-3495-47c9-82eb-125c4f7fb621)	Malware	1
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336)	Attack Pattern	2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
Binary Padding - T1027.001 (5bfccc3f-2326-4112-86cc-c1ece9d8a2b5)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6)	Attack Pattern	2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	2
Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Dynamic API Resolution - T1027.007 (ea4c2f9c-9df1-477c-8c42-6da1118f2ac4)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	2
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	2
Match Legitimate Resource Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	2
Component Object Model - T1559.001 (2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64)	Attack Pattern	Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2